imhotep_pmd
April 19, 2022
An Imhotep plugin for PMD, the static analyzer.
PMD talks to Imhotep via the Static Analysis Results Interchange Format (SARIF), which is simply JSON with a specific schema.
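As an added illustration (not code from imhotep_pmd), this example reduces a SARIF log to per-file, per-line messages, which is what a line-level review comment needs. The sample log is constructed, and the function name `findings_by_line` is hypothetical.

```python
import json
from collections import defaultdict

# Constructed sample: a minimal SARIF 2.1.0 log shaped like a static analyzer's
# output. Paths and messages are made up for illustration.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "PMD"}},
        "results": [
            {"ruleId": "UnusedLocalVariable",
             "message": {"text": "Avoid unused local variables such as 'x'."},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/Main.java"},
                 "region": {"startLine": 12}}}]},
            {"ruleId": "EmptyCatchBlock",
             "message": {"text": "Avoid empty catch blocks"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/Main.java"},
                 "region": {"startLine": 12}}}]},
            # A result with no location cannot be attached to a diff line.
            {"ruleId": "ProjectLevelRule", "message": {"text": "No location"}},
        ],
    }],
})


def findings_by_line(sarif_text):
    """Return {file_uri: {line: ["ruleId: message", ...]}} from a SARIF log."""
    findings = defaultdict(lambda: defaultdict(list))
    log = json.loads(sarif_text)
    for run in log.get("runs", []):
        for result in run.get("results", []):
            text = result.get("message", {}).get("text", "")
            rule = result.get("ruleId", "unknown-rule")
            for loc in result.get("locations", []):
                phys = loc.get("physicalLocation", {})
                uri = phys.get("artifactLocation", {}).get("uri")
                line = phys.get("region", {}).get("startLine")
                if uri is None or line is None:
                    continue  # skip results that cannot map to a line
                findings[uri][int(line)].append(f"{rule}: {text}")
    return {uri: dict(lines) for uri, lines in findings.items()}


if __name__ == "__main__":
    for uri, lines in findings_by_line(SAMPLE_SARIF).items():
        for line, messages in sorted(lines.items()):
            print(f"{uri}:{line}", messages)
```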
Installation
- Install Imhotep itself from PyPI, since imhotep_pmd is merely a binding/plugin for Imhotep: pip install imhotep
- Install imhotep_pmd from PyPI: pip install imhotep_pmd
- Install PMD. Please refer to their website for instructions.
Unless you've unzipped the PMD archive file to ~/bin/pmd-bin-6.44.0/, you'll have to tell imhotep_pmd where to find the executable. To do so, provide an imhotep_pmd.toml file at the root directory of the repo you want to run PMD against. The file should contain this line, which specifies the command used to invoke PMD:
pmd_command = "~/bin/pmd-bin-6.44.0/bin/run.sh pmd"
Usage
To use the plugin, you'll have to pass a path to the linter in question to the imhotep runtime.
imhotep --linter imhotep_pmd.plugin:PmdLinter
Demo
Let's take #1 as an example.
$ imhotep \
--repo_name="tslmy/imhotep_pmd" \
--github-username="tslmy" \
--github-password="$GITHUB_PASSWORD" \
--pr-number=1 \
--linter imhotep_pmd.plugin:PmdLinter
Integrate with Jenkins
This section walks you through setting up a Jenkins job that automatically runs PMD and posts review comments to new pull requests (PRs) in a specific GitHub repository.
- Install the Jenkins plugin GitHub Pull Request Builder:

- In GitHub, create a personal access token (PAT):

- In Jenkins, create a freestyle project:

- Under General, tick This project is parameterized, and then add these parameters:

- Under Source Code Management, tick Git, and then configure it like this:

- Under Build Triggers, tick GitHub Pull Request Builder, and then configure it your way.

- Under Build Environment, map your GitHub PAT to the environment variable GITHUB_PASSWORD:
  If you haven't, you can add the credential to Jenkins like this:

- Under Build, add a step Execute shell. Populate it with the content of jenkins.sh.
- Your Jenkins jobs should now automatically run PMD and post review comments whenever a PR is opened.

Development
This project uses Poetry to manage dependencies and to package itself.
To upload a new version to PyPI:
poetry build
poetry publish
When prompted, enter your PyPI credentials.

